-
You can consolidate the four files (`DetectBruteForceAttack.ts`, `DetectInputValidation.ts`, `InsecureAuthentication.ts`, and `AnalyzeSecurityHeaders.ts`) into a single script since they share common …
-
imageio can attempt to download shared freeimage libraries from https://github.com/imageio/imageio-binaries/tree/master/freeimage. The code fetches straight from master and provides no way of verifyin…
-
We have received a report of potential vulnerabilities in the BreachDetector solution as listed below:
Risk Value - M3
Issue Description - Missing Fortified Functions
Details - This finding is fo…
-
**Reasoning**
Currently, the only way to obtain the App is through sideloading, which is insecure and breaks the AOSP security model, since the download can't be verified before installation.
**Pu…
-
Veracode Software Composition Analysis
===============================
Attribute | Details
| --- | --- |
Library | Spring Web MVC
Description | Spring Web MVC
Language | JAVA
Vulnerabi…
-
MASWE supports CWE mappings already:
https://github.com/search?q=repo%3AOWASP%2Fowasp-mastg%20%22cwe%3A%22&type=code
For example, in MASWE-0041:
```yaml
mappings:
masvs-v1: [MSTG-AUTH-1]
…
-
Veracode Software Composition Analysis
===============================
Attribute | Details
| --- | --- |
Library | Spring Core
Description | Spring Core
Language | JAVA
Vulnerability |…
-
Veracode Software Composition Analysis
===============================
Attribute | Details
| --- | --- |
Library | Apache Log4j
Description | Apache Log4j 1.2
Language | JAVA
Vulnerabi…
-
#### Summary
The registry add-on only works in insecure mode. I would like a secure mode to be supported as well.
#### Why is this important?
1) Security risks associated with the insecure re…
-
We have performed static code analysis on the unmanaged C++ DLL.
It reported the error below:
Error BA2004 'ts2coreD.dll' is a native binary that directly compiles and links one or more obje…